.html
> http://nedbatchelder.com/blog/201302/finding_python_3_builtins.html
>
> Laura
When I saw the subject line, I was going to jump in, but it looks like
maybe I don't have to! :)
What we use at edX for sandboxing Python is isolation of processes at
the OS level, with AppArmor. We'
Mark Lawrence writes:
> I was always led to believe that the subject was a difficult thing to
> do, but here
> https://www.reddit.com/r/learnpython/comments/3huz4x/how_to_do_math_inside_raw_input/
> is a safe solution in only 23 characters, or are there any discernable
> flaws in it?
Related:
h
On Sun, Aug 23, 2015 at 3:17 PM, Christian Gollwitzer wrote:
> Would it be that difficult to get the same for Python? On the C side, the
> interpreter is a structure and does not use global variables (as opposed to
> CPython), therefore it is easy to create more than one interpreter in a
> single
Am 23.08.15 um 02:04 schrieb Chris Angelico:
import os
eval("os.system('rm -rf /')", {"__builtins__":None})
Traceback (most recent call last):
File "", line 1, in
eval("os.system('rm -rf /')", {"__builtins__":None})
File "", line 1, in
TypeError: 'NoneType' object is not subscript
Ned Batchelder has researched this one quite a bit, see:
see: http://nedbatchelder.com/blog/201206/eval_really_is_dangerous.html
http://nedbatchelder.com/blog/201302/looking_for_python_3_builtins.html
http://nedbatchelder.com/blog/201302/finding_python_3_builtins.html
Laura
--
https://mail.pytho
On Sun, Aug 23, 2015 at 9:52 AM, Mark Lawrence wrote:
> On 23/08/2015 00:44, Chris Angelico wrote:
>>
>> On Sun, Aug 23, 2015 at 9:25 AM, Mark Lawrence
>> wrote:
>>>
>>> I was always led to believe that the subject was a difficult thing to do,
>>> but here
>>>
>>> https://www.reddit.com/r/learnpy
On 23/08/2015 00:44, Chris Angelico wrote:
On Sun, Aug 23, 2015 at 9:25 AM, Mark Lawrence wrote:
I was always led to believe that the subject was a difficult thing to do,
but here
https://www.reddit.com/r/learnpython/comments/3huz4x/how_to_do_math_inside_raw_input/
is a safe solution in only 23
On Sun, Aug 23, 2015 at 9:25 AM, Mark Lawrence wrote:
> I was always led to believe that the subject was a difficult thing to do,
> but here
> https://www.reddit.com/r/learnpython/comments/3huz4x/how_to_do_math_inside_raw_input/
> is a safe solution in only 23 characters, or are there any discerna
I was always led to believe that the subject was a difficult thing to
do, but here
https://www.reddit.com/r/learnpython/comments/3huz4x/how_to_do_math_inside_raw_input/
is a safe solution in only 23 characters, or are there any discernable
flaws in it?
--
My fellow Pythonistas, ask not what o
On Sun, Nov 10, 2013 at 2:25 AM, Steven D'Aprano
wrote:
> On Sun, 10 Nov 2013 01:27:11 +1100, Chris Angelico wrote:
>
>> I was trying to sandbox CPython and run untrusted scripts while stopping
>> them from accessing the OS or file system. It's basically impossible
>
> PyPy is supposed to come wit
On Sun, 10 Nov 2013 01:27:11 +1100, Chris Angelico wrote:
> I was trying to sandbox CPython and run untrusted scripts while stopping
> them from accessing the OS or file system. It's basically impossible
PyPy is supposed to come with a proper sandbox. Although even in that
case, I think it is re
On Thu, Jun 3, 2010 at 9:12 PM, Shashwat Anand wrote:
> I have not much idea but Online Judges like SPOJ/codechef have regular
> programming-contests and python is one of allowed languages. So yes, it's
I am trying to make an online test for Python .
P.S Sorry ,I did not realize I sent the mail
Paul Boddie wrote:
>
[chroot "jail" solutions]
> I don't have the details with me now, but I'll probably upload the
> code in the near future and post some kind of explanation of what it
> does here.
I've now uploaded the code to the Python Package Index:
http://www.python.org/pypi/jailtools
I
> To launch a child process in a chroot you can easily just fork and
> then make the chroot syscall in the child process immediately after
> the fork.
It's not so easy. On Linux, you need to have the CAP_SYS_CHROOT
capability to invoke the syscall; on other systems, you may have
to be root.
Regar
On 6/25/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> On Jun 25, 11:58 am, Paul Boddie <[EMAIL PROTECTED]> wrote:
> > On 25 Jun, 16:48, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote:
> >
> >
> >
> > > I followed up with my ISP. Here's the answer I got:
> >
> > > The os.exec call prepends the
On Jun 25, 11:58 am, Paul Boddie <[EMAIL PROTECTED]> wrote:
> On 25 Jun, 16:48, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote:
>
>
>
> > I followed up with my ISP. Here's the answer I got:
>
> > The os.exec call prepends the chroot directory to the absolute path,
> > but does NOT provide chroot fo
On Jun 25, 4:12 pm, Bjoern Schliessmann wrote:
> [EMAIL PROTECTED] wrote:
> > I followed up with my ISP. Here's the answer I got:
>
> > The os.exec call prepends the chroot directory to the absolute
> > path, but does NOT provide chroot for the child process.
>
> That sounds like rubbish to me. I
> The os.exec call prepends the chroot directory to the absolute path,
> but does NOT provide chroot for the child process. However, as long
> as the environment is maintained, which contains an LD_PRELOAD, the
> "chroot" will also be maintained. If LD_PRELOAD is removed or
> ignored, then the c
, it is safe. Be careful
not to put any s-bit programs into the jail.
>>> So is a chroot jail not adequate for sandboxing Python?
>> You have to define your threat model. If the threat to prevent is
>> a malicious user getting at your data, or spreading a virus
>> through
[EMAIL PROTECTED] wrote:
> I followed up with my ISP. Here's the answer I got:
>
> The os.exec call prepends the chroot directory to the absolute
> path, but does NOT provide chroot for the child process.
That sounds like rubbish to me. If it worked like that, chrooting
servers would be virtu
On 25 Jun, 16:48, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote:
>
> I followed up with my ISP. Here's the answer I got:
>
> The os.exec call prepends the chroot directory to the absolute path,
> but does NOT provide chroot for the child process. However, as long
> as the environment is maintaine
On 2007-06-25, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> On Jun 25, 1:43 am, "Martin v. Löwis" <[EMAIL PROTECTED]> wrote:
>> [EMAIL PROTECTED] schrieb:
>>
>> > This wiki page suggests using a chroot jail to sandbox Python, but
>> > wouldn't running something like this in your sandboxed Python
[EMAIL PROTECTED] wrote:
> On Jun 25, 1:43 am, "Martin v. Löwis" <[EMAIL PROTECTED]> wrote:
>> [EMAIL PROTECTED] schrieb:
>>
>>> This wiki page suggests using a chroot jail to sandbox Python, but
>>> wouldn't running something like this in your sandboxed Python instance
>>> still break you out of t
On Jun 25, 1:43 am, "Martin v. Löwis" <[EMAIL PROTECTED]> wrote:
> [EMAIL PROTECTED] schrieb:
>
> > This wiki page suggests using a chroot jail to sandbox Python, but
> > wouldn't running something like this in your sandboxed Python instance
> > still break you out of the chroot jail:
>
> > os.exe
[EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> On Jun 25, 1:43 am, "Martin v. Löwis" <[EMAIL PROTECTED]> wrote:
> > You have to define your threat model. If the threat to prevent is
> > a malicious user getting at your data, or spreading a virus
> > through your files, then chroot is perfectly ade
This was my thought too. I just figured there was something special
about this command that brought one to the "real" Python intrepreter
and then to the real "/bin/sh". That's odd, my ISP seem adament that
this is a way to break out. I'll just have to put in the wor
7;import os; os.execlp("/bin/sh")')
How could deleting LD_PRELOAD help? chroot is not a library trick.
It's a mechanism implemented in the operating system.
> So is a chroot jail not adequate for sandboxing Python?
You have to define your threat model. If the threat to p
t;
> My ISP suggested these as counter-examples to my request for a chroot
> jail. (I couldn't even get Python running in chroot to test this, nor
> could I run these commands locally in Python on Ubuntu, though maybe
> they opened sh?)
>
> So is a chroot jail not adequate fo
is, nor
could I run these commands locally in Python on Ubuntu, though maybe
they opened sh?)
So is a chroot jail not adequate for sandboxing Python?
-Greg
--
http://mail.python.org/mailman/listinfo/python-list
29 matches
Mail list logo
